Cyber defences 'to increasingly rely on security analytics'

The vast majority of public sector IT pros agree that big data analytics can assist with their cyber security operations.

With the number of cyber threats faced by organisations growing all the time, many businesses will have to turn to big data analytics technology in order to better detect and respond to these risks.

This is the finding of a recent survey by MeriTalk, conducted on behalf of Splunk Inc, which polled IT and security professionals in the US public sector. It revealed that 86 per cent of respondents agree that big data analytics will be able to improve their cyber security efforts.

However, it will take a significant shift in focus and culture to make the most of these solutions. Only 28 per cent of federal, state and local agencies say they are fully leveraging security analytics today, while nine out of ten professionals admit they are currently unable to gain a complete picture from the information they receive.

As a result of this, more than three-quarters of those surveyed (76 per cent) said their team is forced to operate reactively, rather than proactively. As the research also found cyber threats exist for an average of 16 days on government networks before being uncovered, this could leave these agencies exposed to a wide range of risks.

The good news is that security professionals have faith in big data analytics' ability to improve this. More than six out of ten respondents (61 per cent) stated these solutions could help them improve their detection of threats in progress, while 51 per cent agreed big data would help them analyse information in real time, and 49 per cent said the technology will enable them to conduct a conclusive root-cause analysis following an incident.

Kevin Davis, area vice-president for the public sector at Splunk, said that government organisations have access to a wealth of cyber threat information that can assist in their defences, if they have the right tools in place to leverage it.

"The challenge is managing that data and connecting the dots in real time. That's how we get immediate insight into threats," he continued. "Agencies need to detect threats faster and start to predict when and how they will occur."

One of the biggest challenges identified by the report was the sheer volume of information that government agencies have to deal with when it comes to managing their security.

More than two-thirds of respondents (68 per cent) said their organisation is "overwhelmed" by data, while 45 per cent of federal IT managers named data volumes as the single biggest challenge they face.

What's more, 78 per cent of all government cyber security professionals say at least some of their security data goes unanalysed due to a lack of time or skills within their team. While 70 per cent say their organisation is able to monitor streams of cyber data in real time, fewer can analyse it.

Founder of MeriTalk Steve O'Keeffe added that for many organisations, the task will be to shift their mindset from a culture of compliance to one where risk management is placed front and centre.

"Agencies need to think about 'big security' alongside big data," he said. "Chief data officers need to be on the court. Data is the MVP."

In order to move from a reactive to proactive approach to cyber security, organisations need the right supporting tools in place. Innovations from Encode, supported by Splunk and IBM QRadar, can greatly help businesses take control of their operations by detecting breaches early and providing the tools necessary to counter them.